I think it is a good thing that Microsoft invited hackers to try to attack the system before it is released. A lot of people are saying how the black-hats will get a head start and not tell anybody the bugs they find. However, these guys would have found the bugs in the future anyways, and would exploit them. If one hole is found and patched, the system is safer already. These type of exercises are conducted in cryptography too. Ex: RSA offered a reward for anybody who can decrypt some of their keys, their 200 decimial digit key was factored using parallel computers, but it was found that it would take 55 years on a normal computer to crack the key. It gave them a good idea about what size keys they need to protect information for long enough (i.e. long enough so your credit card expires before someone can decrypt your transaction and buy stuff with your card, etc).
Here is an interesting article I read in a class about other systems failing: http://web.mit.edu/6.033/www/papers/wcf.pdf. Banks and ATM machine makers just tested their machines internally before putting the ATMs to use. What happened? People found ways to withdraw money from ATM machines from other accounts, people figured out how to crack pins, how to clone other ATM cards and accounts,... tons of hacks. And this was fairly recent, in the 1990s. Having one internal group to test the security is not enough. Inviting the whole world to test the security before release is much better. What would be best is if Microsoft offered some source code too (much like Linux), so the hackers can have complete information. That way most of the problems can be found and fixed beforehand. But that would never happen since they are corporation and their primary goal is to make money. But inviting attackers is a step in the right direction.
What is unfortunate is the deadlines. The shareholders want it released so they can make some more money. The media is trying to make it sound like Microsoft programmers are incompetent. Security is a "negative" goal. It is easy to prove that a system can be broken, you just come up with one hack, one example. However, how do you prove that a system cannot be broken? You have to try every single possible attack. Prolem is you don't know what the attacks are. It takes time to make sure security is at an acceptable level before it is released.
What AOL doesn't seem to understand is that their reputation is permanently damaged. It seems like they are trying to completely redesign their company, and perhaps they can actually deliver a good product. They might be able to make a great video service, a great search engine, a great web portal, etc. However, I am not going to use it just because of the name AOL. I have learned to avoid it like the plague because putting an AOL disc into my CD drive means I probably need to reformat in order to get rid of all the bloatware. I think most experienced users have a fear of touching anything AOL.
The Internet has only become popular among the average person for less than 10 years. AOL was extremely successful at first because of their brilliant marketing tactics. Don't get me wrong, I hate it, but targeting people who don't know much about the Internet was brilliant. Those people made up 99% of the population a 7-8 years ago. AOL got greedy and had tons of ads and increased rates to amounts comparable to broadband. That strategy worked too because 99% of the people didn't know much about computers or the internet. However, people learn. Right now, most people know enough to see that AOL has crappy software, their rates are too high, or if they don't know enough about the internet to see that, they have a smart friend who would tell them not to use AOL any more. AOL went for short term profits with their aggressive strategy and hurt themselves in the long run. It really wouldn't have been so hard to make an simple interface for common users and a more useful one for experienced users. Also, if they had stayed competitive with reasonable rates and less advertisements (which all the other ISPs were doing), they might have held onto some more users. Perhaps their biggest flaw was not expanding into other fields. Everybody knew that dial-up is too slow and everybody knew there was enormous demand for high speed internet. When cable and DSL started to deploy, AOL should have started to expand onto search, video content, etc, much like what Google is doing. At the time, AOL certainly had the resources to do all of this, but they didn't. Maybe it was all the shareholders, who usually demand short-run profit, but the short-sightedness of AOL ended up hurting the company big time.
Regardless of what AOL does, their reputation will continue to hurt them. There are too many stories of their aggressive marketing tactics (many of which are blatant lies), their retention policy, their crappy software, putting money over customer satisfaction... the list goes on. They finally see the mistakes of the past, and even if they change and start providing excellent service and products, it will be a long time before they can get those stains out.
Slashdot Mirror
I think it is a good thing that Microsoft invited hackers to try to attack the system before it is released. A lot of people are saying how the black-hats will get a head start and not tell anybody the bugs they find. However, these guys would have found the bugs in the future anyways, and would exploit them. If one hole is found and patched, the system is safer already. These type of exercises are conducted in cryptography too. Ex: RSA offered a reward for anybody who can decrypt some of their keys, their 200 decimial digit key was factored using parallel computers, but it was found that it would take 55 years on a normal computer to crack the key. It gave them a good idea about what size keys they need to protect information for long enough (i.e. long enough so your credit card expires before someone can decrypt your transaction and buy stuff with your card, etc). Here is an interesting article I read in a class about other systems failing: http://web.mit.edu/6.033/www/papers/wcf.pdf. Banks and ATM machine makers just tested their machines internally before putting the ATMs to use. What happened? People found ways to withdraw money from ATM machines from other accounts, people figured out how to crack pins, how to clone other ATM cards and accounts,... tons of hacks. And this was fairly recent, in the 1990s. Having one internal group to test the security is not enough. Inviting the whole world to test the security before release is much better. What would be best is if Microsoft offered some source code too (much like Linux), so the hackers can have complete information. That way most of the problems can be found and fixed beforehand. But that would never happen since they are corporation and their primary goal is to make money. But inviting attackers is a step in the right direction. What is unfortunate is the deadlines. The shareholders want it released so they can make some more money. The media is trying to make it sound like Microsoft programmers are incompetent. Security is a "negative" goal. It is easy to prove that a system can be broken, you just come up with one hack, one example. However, how do you prove that a system cannot be broken? You have to try every single possible attack. Prolem is you don't know what the attacks are. It takes time to make sure security is at an acceptable level before it is released.
What AOL doesn't seem to understand is that their reputation is permanently damaged. It seems like they are trying to completely redesign their company, and perhaps they can actually deliver a good product. They might be able to make a great video service, a great search engine, a great web portal, etc. However, I am not going to use it just because of the name AOL. I have learned to avoid it like the plague because putting an AOL disc into my CD drive means I probably need to reformat in order to get rid of all the bloatware. I think most experienced users have a fear of touching anything AOL. The Internet has only become popular among the average person for less than 10 years. AOL was extremely successful at first because of their brilliant marketing tactics. Don't get me wrong, I hate it, but targeting people who don't know much about the Internet was brilliant. Those people made up 99% of the population a 7-8 years ago. AOL got greedy and had tons of ads and increased rates to amounts comparable to broadband. That strategy worked too because 99% of the people didn't know much about computers or the internet. However, people learn. Right now, most people know enough to see that AOL has crappy software, their rates are too high, or if they don't know enough about the internet to see that, they have a smart friend who would tell them not to use AOL any more. AOL went for short term profits with their aggressive strategy and hurt themselves in the long run. It really wouldn't have been so hard to make an simple interface for common users and a more useful one for experienced users. Also, if they had stayed competitive with reasonable rates and less advertisements (which all the other ISPs were doing), they might have held onto some more users. Perhaps their biggest flaw was not expanding into other fields. Everybody knew that dial-up is too slow and everybody knew there was enormous demand for high speed internet. When cable and DSL started to deploy, AOL should have started to expand onto search, video content, etc, much like what Google is doing. At the time, AOL certainly had the resources to do all of this, but they didn't. Maybe it was all the shareholders, who usually demand short-run profit, but the short-sightedness of AOL ended up hurting the company big time. Regardless of what AOL does, their reputation will continue to hurt them. There are too many stories of their aggressive marketing tactics (many of which are blatant lies), their retention policy, their crappy software, putting money over customer satisfaction ... the list goes on. They finally see the mistakes of the past, and even if they change and start providing excellent service and products, it will be a long time before they can get those stains out.